Fix test suite failure caused by log rotation due to sandboxing warning message.

[thirdparty/cups.git] / scheduler / client.c
diff --git a/scheduler/client.c b/scheduler/client.c

index f388499dcf9da9de8ff1c7a88e7a5db4412a9c60..cfb0e1b9bd0869be444563da88cb41dde5055061 100644 (file)
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -1,13 +1,14 @@
  /*
   * Client routines for the CUPS scheduler.
   *
- * Copyright 2007-2017 by Apple Inc.
- * Copyright 1997-2007 by Easy Software Products, all rights reserved.
+ * Copyright © 2007-2018 by Apple Inc.
+ * Copyright © 1997-2007 by Easy Software Products, all rights reserved.
   *
   * This file contains Kerberos support code, copyright 2006 by
   * Jelmer Vernooij.
   *
- * Licensed under Apache License v2.0.  See the file "LICENSE" for more information.
+ * Licensed under Apache License v2.0.  See the file "LICENSE" for more
+ * information.
   */
  
  /*
@@ -813,6 +814,18 @@ cupsdReadClient(cupsd_client_t *con)       /* I - Client to read from */
  
    if (status == HTTP_STATUS_OK)
    {
+   /*
+    * Record whether the client is a web browser.  "Mozilla" was the original
+    * and it seems that every web browser in existence now uses that as the
+    * prefix with additional information identifying *which* browser.
+    *
+    * Chrome (at least) has problems with multiple WWW-Authenticate values in
+    * a single header, so we only report Basic or Negotiate to web browsers and
+    * leave the multiple choices to the native CUPS client...
+    */
+
+    con->is_browser = !strncmp(httpGetField(con->http, HTTP_FIELD_USER_AGENT), "Mozilla/", 8);
+
      if (httpGetField(con->http, HTTP_FIELD_ACCEPT_LANGUAGE)[0])
      {
       /*
@@ -2092,19 +2105,20 @@ cupsdSendHeader(
      auth_str[0] = '\0';
  
      if (auth_type == CUPSD_AUTH_BASIC)
+    {
        strlcpy(auth_str, "Basic realm=\"CUPS\"", sizeof(auth_str));
+    }
      else if (auth_type == CUPSD_AUTH_NEGOTIATE)
      {
-#ifdef AF_LOCAL
+#if defined(SO_PEERCRED) && defined(AF_LOCAL)
        if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
-        strlcpy(auth_str, "Basic realm=\"CUPS\"", sizeof(auth_str));
+       strlcpy(auth_str, "PeerCred", sizeof(auth_str));
        else
-#endif /* AF_LOCAL */
+#endif /* SO_PEERCRED && AF_LOCAL */
        strlcpy(auth_str, "Negotiate", sizeof(auth_str));
      }
  
-    if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE &&
-        !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
+    if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
      {
       /*
        * Add a "trc" (try root certification) parameter for local non-Kerberos
@@ -2141,7 +2155,7 @@ cupsdSendHeader(
  #ifdef HAVE_AUTHORIZATION_H
         if (!_cups_strncasecmp(name, "@AUTHKEY(", 9))
         {
-         snprintf(auth_key, auth_size, ", AuthRef key=\"%s\"", name + 9);
+         snprintf(auth_key, auth_size, ", AuthRef key=\"%s\", Local trc=\"y\"", name + 9);
           need_local = 0;
           /* end parenthesis is stripped in conf.c */
           break;
@@ -2152,11 +2166,10 @@ cupsdSendHeader(
         {
  #ifdef HAVE_AUTHORIZATION_H
           if (SystemGroupAuthKey)
-           snprintf(auth_key, auth_size, ", AuthRef key=\"%s\"", SystemGroupAuthKey);
+           snprintf(auth_key, auth_size, ", AuthRef key=\"%s\", Local trc=\"y\"", SystemGroupAuthKey);
            else
-#else
-         strlcpy(auth_key, ", Local trc=\"y\"", auth_size);
  #endif /* HAVE_AUTHORIZATION_H */
+         strlcpy(auth_key, ", Local trc=\"y\"", auth_size);
           need_local = 0;
           break;
         }